/*
 * @(#)JarFile.java	1.70 10/03/23
 *
 * Copyright (c) 2006, 2009, Oracle and/or its affiliates. All rights reserved.
 * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

package java.util.jar;

import java.io.*;
import java.net.URL;
import java.lang.ref.SoftReference;
import java.util.*;
import java.util.zip.*;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.security.AccessController;
import sun.security.action.GetPropertyAction;
import sun.security.util.ManifestEntryVerifier;
import sun.misc.SharedSecrets;

/**
 * The <code>JarFile</code> class is used to read the contents of a jar file
 * from any file that can be opened with <code>java.io.RandomAccessFile</code>.
 * It extends the class <code>java.util.zip.ZipFile</code> with support
 * for reading an optional <code>Manifest</code> entry. The
 * <code>Manifest</code> can be used to specify meta-information about the
 * jar file and its entries.
 *
 * <p> Unless otherwise noted, passing a <tt>null</tt> argument to a constructor
 * or method in this class will cause a {@link NullPointerException} to be
 * thrown.
 *
 * @author  David Connelly
 * @version 1.70, 03/23/10
 * @see	    Manifest
 * @see     java.util.zip.ZipFile
 * @see     java.util.jar.JarEntry
 * @since   1.2
 */
public
class JarFile extends ZipFile {
    private SoftReference<Manifest> manRef;
    private JarEntry manEntry;
    private JarVerifier jv;
    private boolean jvInitialized;
    private boolean verify;
    private boolean computedHasClassPathAttribute;
    private boolean hasClassPathAttribute;

    // Set up JavaUtilJarAccess in SharedSecrets
    static {
        SharedSecrets.setJavaUtilJarAccess(new JavaUtilJarAccessImpl());
    }

    /**
     * The JAR manifest file name.
     */
    public static final String MANIFEST_NAME = "META-INF/MANIFEST.MF";

    /**
     * Creates a new <code>JarFile</code> to read from the specified
     * file <code>name</code>. The <code>JarFile</code> will be verified if
     * it is signed.
     * @param name the name of the jar file to be opened for reading
     * @throws IOException if an I/O error has occurred
     * @throws SecurityException if access to the file is denied
     *         by the SecurityManager
     */
    public JarFile(String name) throws IOException {
	this(new File(name), true, ZipFile.OPEN_READ);
    }

    /**
     * Creates a new <code>JarFile</code> to read from the specified
     * file <code>name</code>.
     * @param name the name of the jar file to be opened for reading
     * @param verify whether or not to verify the jar file if
     * it is signed.
     * @throws IOException if an I/O error has occurred
     * @throws SecurityException if access to the file is denied
     *         by the SecurityManager 
     */
    public JarFile(String name, boolean verify) throws IOException {
        this(new File(name), verify, ZipFile.OPEN_READ);
    }

    /**
     * Creates a new <code>JarFile</code> to read from the specified
     * <code>File</code> object. The <code>JarFile</code> will be verified if
     * it is signed.
     * @param file the jar file to be opened for reading
     * @throws IOException if an I/O error has occurred
     * @throws SecurityException if access to the file is denied
     *         by the SecurityManager
     */
    public JarFile(File file) throws IOException {
	this(file, true, ZipFile.OPEN_READ);
    }


    /**
     * Creates a new <code>JarFile</code> to read from the specified
     * <code>File</code> object.
     * @param file the jar file to be opened for reading
     * @param verify whether or not to verify the jar file if
     * it is signed.
     * @throws IOException if an I/O error has occurred
     * @throws SecurityException if access to the file is denied
     *         by the SecurityManager.
     */
    public JarFile(File file, boolean verify) throws IOException {
	this(file, verify, ZipFile.OPEN_READ);
    }


    /**
     * Creates a new <code>JarFile</code> to read from the specified
     * <code>File</code> object in the specified mode.  The mode argument
     * must be either <tt>OPEN_READ</tt> or <tt>OPEN_READ | OPEN_DELETE</tt>.
     *
     * @param file the jar file to be opened for reading
     * @param verify whether or not to verify the jar file if
     * it is signed.
     * @param mode the mode in which the file is to be opened
     * @throws IOException if an I/O error has occurred
     * @throws IllegalArgumentException
     *         if the <tt>mode</tt> argument is invalid
     * @throws SecurityException if access to the file is denied
     *         by the SecurityManager
     * @since 1.3
     */
    public JarFile(File file, boolean verify, int mode) throws IOException {
	super(file, mode);
	this.verify = verify;
    }

    /**
     * Returns the jar file manifest, or <code>null</code> if none.
     *
     * @return the jar file manifest, or <code>null</code> if none
     *
     * @throws IllegalStateException
     *         may be thrown if the jar file has been closed
     */
    public Manifest getManifest() throws IOException {
	return getManifestFromReference();
    }

    private Manifest getManifestFromReference() throws IOException {
	Manifest man = manRef != null ? manRef.get() : null;

	if (man == null) {
	  
	    JarEntry manEntry = getManEntry();
	    
	    // If found then load the manifest
	    if (manEntry != null) {
		if (verify) {
		    byte[] b = getBytes(manEntry);
		    man = new Manifest(new ByteArrayInputStream(b));
		    if (!jvInitialized) {
		        jv = new JarVerifier(b);
		    }
		} else {
		    man = new Manifest(super.getInputStream(manEntry));
		}
	        manRef = new SoftReference(man);
	    }
	}
	return man;
    }

    private native String[] getMetaInfEntryNames();

    /**
     * Returns the <code>JarEntry</code> for the given entry name or
     * <code>null</code> if not found.
     *
     * @param name the jar file entry name
     * @return the <code>JarEntry</code> for the given entry name or
     *         <code>null</code> if not found.
     *
     * @throws IllegalStateException
     *         may be thrown if the jar file has been closed
     *
     * @see java.util.jar.JarEntry
     */
    public JarEntry getJarEntry(String name) {
	return (JarEntry)getEntry(name);
    }

    /**
     * Returns the <code>ZipEntry</code> for the given entry name or
     * <code>null</code> if not found.
     *
     * @param name the jar file entry name
     * @return the <code>ZipEntry</code> for the given entry name or
     *         <code>null</code> if not found
     *
     * @throws IllegalStateException
     *         may be thrown if the jar file has been closed
     *
     * @see java.util.zip.ZipEntry
     */
    public ZipEntry getEntry(String name) {
	ZipEntry ze = super.getEntry(name);
	if (ze != null) {
	    return new JarFileEntry(ze);
	}
	return null;
    }

    /**
     * Returns an enumeration of the zip file entries.
     */
    public Enumeration<JarEntry> entries() {
	final Enumeration enum_ = super.entries();
	return new Enumeration<JarEntry>() {
	    public boolean hasMoreElements() {
		return enum_.hasMoreElements();
	    }
	    public JarFileEntry nextElement() {
		ZipEntry ze = (ZipEntry)enum_.nextElement();
		return new JarFileEntry(ze);
	    }
	};
    }

    private class JarFileEntry extends JarEntry {
	JarFileEntry(ZipEntry ze) {
	    super(ze);
	}
	public Attributes getAttributes() throws IOException {
	    Manifest man = JarFile.this.getManifest();
	    if (man != null) {
		return man.getAttributes(getName());
	    } else {
		return null;
	    }
	}
	public Certificate[] getCertificates() {
            try {
                maybeInstantiateVerifier();
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
	    if (certs == null && jv != null) {
		certs = jv.getCerts(JarFile.this, this);
	    }
	    return certs == null ? null : (Certificate[]) certs.clone();
	}
	public CodeSigner[] getCodeSigners() {
	    try {
		maybeInstantiateVerifier();
	    } catch (IOException e) {
		throw new RuntimeException(e);
	    }
	    if (signers == null && jv != null) {
		signers = jv.getCodeSigners(JarFile.this, this);
	    }
	    return signers == null ? null : (CodeSigner[]) signers.clone();
	}
    }
	    
    /*
     * Ensures that the JarVerifier has been created if one is
     * necessary (i.e., the jar appears to be signed.) This is done as
     * a quick check to avoid processing of the manifest for unsigned
     * jars.
     */
    private void maybeInstantiateVerifier() throws IOException {
        if (jv != null) {
            return;
        }

        if (verify) {
            String[] names = getMetaInfEntryNames();
            if (names != null) {
                for (int i = 0; i < names.length; i++) {
                    String name = names[i].toUpperCase(Locale.ENGLISH);
                    if (name.endsWith(".DSA") ||
                        name.endsWith(".RSA") ||
                        name.endsWith(".SF")) {
                        // Assume since we found a signature-related file
                        // that the jar is signed and that we therefore
                        // need a JarVerifier and Manifest
                        getManifest();
                        return;
                    }
                }
            }
            // No signature-related files; don't instantiate a
            // verifier
            verify = false;
        }
    }


    /*
     * Initializes the verifier object by reading all the manifest
     * entries and passing them to the verifier.
     */
    private void initializeVerifier() {
	ManifestEntryVerifier mev = null;

	// Verify "META-INF/" entries...
	try {
	    String[] names = getMetaInfEntryNames();
	    if (names != null) {
		for (int i = 0; i < names.length; i++) {
		    JarEntry e = getJarEntry(names[i]);
		    if (!e.isDirectory()) {
			if (mev == null) {
			    mev = new ManifestEntryVerifier
				(getManifestFromReference());
			}
			byte[] b = getBytes(e);
			if (b != null && b.length > 0) {
			    jv.beginEntry(e, mev);
			    jv.update(b.length, b, 0, b.length, mev);
			    jv.update(-1, null, 0, 0, mev);
			}
		    }
		}
	    }
	} catch (IOException ex) {
	    // if we had an error parsing any blocks, just
	    // treat the jar file as being unsigned
	    jv = null;
            verify = false;
	}

	// if after initializing the verifier we have nothing
	// signed, we null it out.

	if (jv != null) {

	    jv.doneWithMeta();
	    if (JarVerifier.debug != null) {
		JarVerifier.debug.println("done with meta!"); 
	    }

	    if (jv.nothingToVerify()) {
		if (JarVerifier.debug != null) {
		    JarVerifier.debug.println("nothing to verify!");
		}
		jv = null;
                verify = false;
	    }
	}
    }

    /*
     * Reads all the bytes for a given entry. Used to process the
     * META-INF files.
     */
    private byte[] getBytes(ZipEntry ze) throws IOException {
	byte[] b = new byte[(int)ze.getSize()];
	DataInputStream is = new DataInputStream(super.getInputStream(ze));
	is.readFully(b, 0, b.length);
	is.close();
	return b;
    }

    /**
     * Returns an input stream for reading the contents of the specified
     * zip file entry.
     * @param ze the zip file entry
     * @return an input stream for reading the contents of the specified
     *         zip file entry
     * @throws ZipException if a zip file format error has occurred
     * @throws IOException if an I/O error has occurred
     * @throws SecurityException if any of the jar file entries
     *         are incorrectly signed.
     * @throws IllegalStateException
     *         may be thrown if the jar file has been closed
     */
    public synchronized InputStream getInputStream(ZipEntry ze) 
	throws IOException 
    {
        maybeInstantiateVerifier();
	if (jv == null) {
	    return super.getInputStream(ze);
	}
	if (!jvInitialized) {
	    initializeVerifier();
	    jvInitialized = true;
	    // could be set to null after a call to
	    // initializeVerifier if we have nothing to
	    // verify
	    if (jv == null)
		return super.getInputStream(ze);
	}

	// wrap a verifier stream around the real stream
	return new JarVerifier.VerifierStream(
	    getManifestFromReference(),
	    ze instanceof JarFileEntry ?
	    (JarEntry) ze : getJarEntry(ze.getName()),
	    super.getInputStream(ze),
	    jv);
    }

    // Statics for hand-coded Boyer-Moore search in hasClassPathAttribute()
    // The bad character shift for "class-path"
    private static int[] lastOcc;
    // The good suffix shift for "class-path"
    private static int[] optoSft;
    // Initialize the shift arrays to search for "class-path"
    private static char[] src = {'c','l','a','s','s','-','p','a','t','h'};
    static {
	lastOcc = new int[128];
	optoSft = new int[10];
	lastOcc[(int)'c']=1;
	lastOcc[(int)'l']=2;
	lastOcc[(int)'s']=5;
	lastOcc[(int)'-']=6;
	lastOcc[(int)'p']=7;
	lastOcc[(int)'a']=8;
	lastOcc[(int)'t']=9;
	lastOcc[(int)'h']=10;
	for (int i=0; i<9; i++)
	    optoSft[i]=10;
	optoSft[9]=1;
    }
 
    private JarEntry getManEntry() {
	if (manEntry == null) {
	    // First look up manifest entry using standard name
	    manEntry = getJarEntry(MANIFEST_NAME);
            if (manEntry == null) {
                // If not found, then iterate through all the "META-INF/"
                // entries to find a match.
                String[] names = getMetaInfEntryNames();
                if (names != null) {
                    for (int i = 0; i < names.length; i++) {
                        if (MANIFEST_NAME.equals(
                                                 names[i].toUpperCase(Locale.ENGLISH))) {
                            manEntry = getJarEntry(names[i]);
                            break;
                        }
                    }
                }
            }
	}
	return manEntry;
    }

    // Returns true iff this jar file has a manifest with a class path
    // attribute. Returns false if there is no manifest or the manifest
    // does not contain a "Class-Path" attribute. Currently exported to
    // core libraries via sun.misc.SharedSecrets.
    boolean hasClassPathAttribute() throws IOException {
        if (computedHasClassPathAttribute) {
            return hasClassPathAttribute;
        }

        hasClassPathAttribute = false;
        if (!isKnownToNotHaveClassPathAttribute()) {
            JarEntry manEntry = getManEntry();
            if (manEntry != null) {
                byte[] b = new byte[(int)manEntry.getSize()];
                DataInputStream dis = new DataInputStream(
                                                          super.getInputStream(manEntry));
                dis.readFully(b, 0, b.length);
                dis.close();
 
                int last = b.length - src.length;
                int i = 0;
                next:       
                while (i<=last) {
                    for (int j=9; j>=0; j--) {
                        char c = (char) b[i+j];
                        c = (((c-'A')|('Z'-c)) >= 0) ? (char)(c + 32) : c;
                        if (c != src[j]) {
                            i += Math.max(j + 1 - lastOcc[c&0x7F], optoSft[j]);
                            continue next;
                        }
                    }
                    hasClassPathAttribute = true;
                    break;
                }
            }
        }
        computedHasClassPathAttribute = true;
        return hasClassPathAttribute;
    }

    private static String javaHome;
    private static String[] jarNames;
    private boolean isKnownToNotHaveClassPathAttribute() {
        // Optimize away even scanning of manifest for jar files we
        // deliver which don't have a class-path attribute. If one of
        // these jars is changed to include such an attribute this code
        // must be changed.
        if (javaHome == null) {
            javaHome = (String) AccessController.doPrivileged(
                new GetPropertyAction("java.home"));
        }
        if (jarNames == null) {
            String[] names = new String[10];
            String fileSep = File.separator;
            int i = 0;
            names[i++] = fileSep + "rt.jar";
            names[i++] = fileSep + "sunrsasign.jar";
            names[i++] = fileSep + "jsse.jar";
            names[i++] = fileSep + "jce.jar";
            names[i++] = fileSep + "charsets.jar";
            names[i++] = fileSep + "dnsns.jar";
            names[i++] = fileSep + "ldapsec.jar";
            names[i++] = fileSep + "localedata.jar";
            names[i++] = fileSep + "sunjce_provider.jar";
            names[i++] = fileSep + "sunpkcs11.jar";
            jarNames = names;
        }

        String name = getName();
        String localJavaHome = javaHome;
        if (name.startsWith(localJavaHome)) {
            String[] names = jarNames;
            for (int i = 0; i < names.length; i++) {
                if (name.endsWith(names[i])) {
                    return true;
                }
            }
        }
        return false;
    }

    private synchronized void ensureInitialization() {
	try {
	    maybeInstantiateVerifier();
	} catch (IOException e) {
	    throw new RuntimeException(e);
	}
	if (jv != null && !jvInitialized) {
	    initializeVerifier();
	    jvInitialized = true;
	}
    }

    JarEntry newEntry(ZipEntry ze) {
	return new JarFileEntry(ze);
    }

    Enumeration<String> entryNames(CodeSource[] cs) {
	ensureInitialization();
	if (jv != null) {
	    return jv.entryNames(this, cs);
	}
	
	/*
	 * JAR file has no signed content. Is there a non-signing
	 * code source?
	 */
	boolean includeUnsigned = false;
	for (int i=0; i < cs.length; i++) {
	    if (cs[i].getCodeSigners() == null) {
		includeUnsigned = true;
		break;
	    }
	}
	if (includeUnsigned) {
	    return unsignedEntryNames();
	} else {
	    return new Enumeration<String>() {
	        public boolean hasMoreElements() {
		    return false;
	        }
	        public String nextElement() {
		    throw new NoSuchElementException();
	        }
	    };
	}
    }
	    
    /**
     * Returns an enumeration of the zip file entries
     * excluding internal JAR mechanism entries and including
     * signed entries missing from the ZIP directory.
     */
    Enumeration<JarEntry> entries2() {
	ensureInitialization();
	if (jv != null) {
	    return jv.entries2(this, super.entries());
	}

	// screen out entries which are never signed
	final Enumeration enum_ = super.entries();
	return new Enumeration<JarEntry>() {
	    ZipEntry entry;
	    public boolean hasMoreElements() {
		if (entry != null) {
		    return true;
		}
		while (enum_.hasMoreElements()) {
		    ZipEntry ze = (ZipEntry) enum_.nextElement();
		    if (JarVerifier.isSigningRelated(ze.getName())) {
			continue;
		    }
		    entry = ze;
		    return true;
		}
		return false;
	    }
	    public JarFileEntry nextElement() {
                if (hasMoreElements()) {
                     ZipEntry ze = entry;
                     entry = null;
                     return new JarFileEntry(ze);
                 }
                 throw new NoSuchElementException();
	    }
	};
    }
	    
    CodeSource[] getCodeSources(URL url) {
	ensureInitialization();
	if (jv != null) {
	    return jv.getCodeSources(this, url);
	}

	/*
	 * JAR file has no signed content. Is there a non-signing
	 * code source?
	 */
	Enumeration unsigned = unsignedEntryNames();
	if (unsigned.hasMoreElements()) {
	    return new CodeSource[] { JarVerifier.getUnsignedCS(url) };
	} else {
	    return null;
	}
    }

    private Enumeration<String> unsignedEntryNames() {
	final Enumeration entries = entries();
	return new Enumeration<String>() {
	    String name;

	    /*
	     * Grab entries from ZIP directory but screen out
	     * metadata.
	     */
	    public boolean hasMoreElements() {
		if (name != null) {
		    return true;
		}
		while (entries.hasMoreElements()) {
		    String value;
		    ZipEntry e = (ZipEntry) entries.nextElement();
		    value = e.getName();
		    if (e.isDirectory() || JarVerifier.isSigningRelated(value)) {
			continue;
		    }
		    name = value;
		    return true;
		}
		return false;
	    }
	    public String nextElement() {
                if (hasMoreElements()) {
                     String value = name;
                     name = null;
                     return value;
                 }
                 throw new NoSuchElementException();
	    }
	};
    }

    CodeSource getCodeSource(URL url, String name) {
	ensureInitialization();
	if (jv != null) {
	    if (jv.eagerValidation) {
		CodeSource cs = null;
		JarEntry je = getJarEntry(name);
		if (je != null) {
	            cs = jv.getCodeSource(url, this, je);
		} else {
	            cs = jv.getCodeSource(url, name);
		}
		return cs;
	    } else {
	        return jv.getCodeSource(url, name);
	    }
	}

	return JarVerifier.getUnsignedCS(url);
    }

    void setEagerValidation(boolean eager) {
	try {
	    maybeInstantiateVerifier();
	} catch (IOException e) {
	    throw new RuntimeException(e);
	}
	if (jv != null) {
	    jv.setEagerValidation(eager);
	}
    }

    List getManifestDigests() {
	ensureInitialization();
	if (jv != null) {
	    return jv.getManifestDigests();
	}
	return new ArrayList();
    }
}
